The Evolution of Security

Security is a constantly evolving challenge for businesses. The way organisations need to think about security has changed profoundly. The threat is no longer primarily university students trying to deface a business's website; cybercrime is now a well-funded, organised activity, and service providers are a favoured target.

There have been many cases where organisations have had their intellectual property stolen and used against them. Confidential information obtained this way is then used for profit, for example to buy or short-sell shares on the stock market ahead of an announcement. What used to be treated as an accepted risk can now be largely prevented by focusing on three key themes:

Confidentiality – Data should be kept private; only the people who need it should have access to it.

Integrity – Data should be verifiable as intact, meaning it has not been altered or corrupted, whether by accident or by an attacker.

Availability – Data should be accessible to the relevant parties whenever and wherever it is needed.

Design trends are now focused on containment—organisations should assume that they will be attacked at some point, and that some attacks will succeed. If an attacker gains access to one segment of the corporate network (by exploiting a web server, for example), it is desirable that the attacker's activities are contained to that segment. Zero-day attacks exploit vulnerabilities that are discovered and used before the software vendor can issue a patch; antivirus vendors have no signature for the exploit yet, so signature-based countermeasures are not available. Containment is what limits the damage when such an attack succeeds despite diligent patching.

Vulnerabilities

There are thousands of publicly known vulnerabilities in Microsoft software, some of which can be used to compromise a web server. These attack vectors are regularly exploited to gain shell (command prompt) access. From there, attackers will try to call back to a server they control on the internet and download larger programs (payloads) such as keyloggers or packet sniffers. Once this succeeds, they can extend their access across the network and exfiltrate confidential intellectual property.

Containment policies control exactly what servers are allowed to connect to. If outbound access is blocked, there is no way for a compromised server to call back and download payloads such as these sniffer programs. The goal of containment is to severely restrict which systems can obtain outbound access to the internet. This can be accomplished with proxies and strict enforcement of firewall layers: servers get a default-deny outbound rule, the legitimate exceptions (patch repositories, internal DNS resolvers, an authenticated proxy) are allow-listed explicitly, and denied attempts are logged, so that any other outbound connection from a server is both blocked and visible to the security team. Ultimately, the most practical security tip for any organisation is to limit what servers can accomplish through outbound connectivity.
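Turning the containment policy above into something that can be checked. The script below is an added example, not code from the article; it assumes an iptables-style firewall log with "EGRESS-DROP:" and "EGRESS-ACCEPT:" log prefixes, a server segment of 10.10.0.0/24, an approved forward proxy at 10.10.1.5:3128 and an internal resolver at 10.10.1.53:53, all of which are invented for illustration. It encodes the intended default-deny egress policy, then runs constructed log lines through it to surface two things a practitioner wants: accepted connections that violate the policy (the firewall is not actually enforcing containment), and server-segment hosts repeatedly blocked from reaching the internet directly, which is what a compromised web server trying to call back for its payload looks like from the firewall's side.

```python
"""Audit egress-containment enforcement from firewall log lines.

Added example, not code from the original article. Assumptions (none of
these come from the article): the firewall logs its egress chain in an
iptables-style format with the prefixes "EGRESS-DROP:" and
"EGRESS-ACCEPT:"; the web/server segment is 10.10.0.0/24; the only
approved outbound paths for that segment are the proxy 10.10.1.5:3128
and the internal resolver 10.10.1.53:53; internal address space is the
RFC 1918 ranges.
"""
import ipaddress
import re
from collections import Counter

SERVER_SEGMENT = ipaddress.ip_network("10.10.0.0/24")
APPROVED_EGRESS = {
    (ipaddress.ip_address("10.10.1.5"), 3128),   # authenticated forward proxy
    (ipaddress.ip_address("10.10.1.53"), 53),    # internal DNS resolver
}
# Explicit internal ranges: Python's is_private also covers the documentation
# ranges used below as stand-in internet hosts, so it cannot be used here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# iptables LOG format: "... EGRESS-DROP: IN=eth1 OUT=eth0 SRC=a DST=b ... PROTO=TCP SPT=n DPT=m"
LOG_RE = re.compile(
    r"EGRESS-(?P<verdict>DROP|ACCEPT):.*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+).*?\bDPT=(?P<dpt>\d+)"
)


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def egress_allowed(src, dst, dport):
    """The containment policy as the firewall is meant to enforce it: a
    server-segment host may reach internal networks and the approved egress
    points, and nothing else on the internet (default deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in SERVER_SEGMENT:
        return True            # this policy covers the server tier only
    if (dst, dport) in APPROVED_EGRESS:
        return True
    return is_internal(dst)    # intra-corporate traffic is governed elsewhere


def parse_line(line):
    """Return (verdict, src, dst, dport), or None for non-egress log lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m["verdict"], m["src"], m["dst"], int(m["dpt"])


def audit(lines, threshold=3):
    """Two findings from an egress log:
    - policy_gaps: connections the firewall ACCEPTED although the policy says
      they should have been dropped (containment is not being enforced);
    - suspect_hosts: server-segment hosts with at least `threshold` blocked
      direct-to-internet attempts, the signature of a compromised host
      trying to call back for its payload."""
    gaps, drops = [], Counter()
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        verdict, src, dst, dport = event
        if verdict == "ACCEPT" and not egress_allowed(src, dst, dport):
            gaps.append((src, dst, dport))
        elif verdict == "DROP" and ipaddress.ip_address(src) in SERVER_SEGMENT:
            drops[src] += 1
    return {
        "policy_gaps": gaps,
        "suspect_hosts": {host: n for host, n in drops.items() if n >= threshold},
    }


# Constructed sample log (not real traffic); 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation ranges standing in for internet hosts.
SAMPLE_LOG = """\
Mar 12 10:01:02 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=10.10.0.21 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=51422 DPT=443
Mar 12 10:01:03 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=10.10.0.21 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=51423 DPT=443
Mar 12 10:01:05 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=10.10.0.21 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=51424 DPT=8080
Mar 12 10:01:09 fw kernel: EGRESS-ACCEPT: IN=eth1 OUT=eth0 SRC=10.10.0.21 DST=10.10.1.5 LEN=60 PROTO=TCP SPT=51425 DPT=3128
Mar 12 10:02:00 fw kernel: EGRESS-ACCEPT: IN=eth1 OUT=eth0 SRC=10.10.0.22 DST=10.10.1.53 LEN=60 PROTO=UDP SPT=40000 DPT=53
Mar 12 10:02:30 fw kernel: EGRESS-ACCEPT: IN=eth1 OUT=eth0 SRC=10.10.0.22 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40001 DPT=80
Mar 12 10:02:45 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=10.10.0.22 LEN=40 PROTO=TCP SPT=443 DPT=22
Mar 12 10:03:00 fw kernel: EGRESS-DROP: IN=eth1 OUT=eth0 SRC=10.10.0.30 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=33000 DPT=4444
"""

if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines())
    for src, dst, dport in report["policy_gaps"]:
        print(f"POLICY GAP: {src} -> {dst}:{dport} was accepted by the firewall")
    for host, n in report["suspect_hosts"].items():
        print(f"SUSPECT: {host} made {n} blocked direct outbound attempts")
```

On the constructed log this reports one policy gap (10.10.0.22 reaching 198.51.100.7:80 directly, which means the server's outbound rule is missing or ordered wrongly) and one suspect host (10.10.0.21, blocked three times trying to reach an internet address). The threshold is deliberately low because a web server that is doing its job has no reason to attempt any direct outbound connection at all; in a real deployment the ACCEPT lines would come from the proxy's access log rather than the firewall, but the policy check is the same.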

Compliance

Compliance is another important consideration for maintaining proper security. Internal employees are a common attack vector, and this is one reason compliance regimes (such as PCI DSS, ISO 27001 and SAS 70) exist: they require organisations to have standardised change management and vulnerability management. Such a regime may require, for example, that all software be kept at current patch levels, and regular audits check that these requirements are actually being followed.